I'm going to vote -1 on this one. I think
https://issues.apache.org/jira/browse/CLOUDSTACK-5145 should be
addressed as CloudStack is leaking data from users to other users who
don't own the data. The data isn't extremely sensitive, it only gives
away vpc ids that you don't own and acl information (port, protocol,
cidr), but nothing about who owns them and where they're applied. It
does however break the behavior of the API for those consuming it and
will impact performance since all ACLs in the system are dumped, so I
think it warrants blocker status.

I took a look at fixing it myself, but am thus far pretty confused at
how data access is supposed to work. Most other examples I could find
extended ControlledEntity, and thus had the account/domain info in the
table. The network ACL items don't (only extending InternalIdentity),
which requires either a schema change or a double join to get to the
account owner. Since I get the feeling that I don't know what I'm
doing, I'm at the mercy of someone else to help fix it.


On Tue, Dec 3, 2013 at 5:48 AM, sebgoa <run...@gmail.com> wrote:
>
> On Dec 3, 2013, at 1:24 PM, Abhinandan Prateek 
> <abhinandan.prat...@citrix.com> wrote:
>
>> Hi All,
>>
>>    There were some issues found in the 4.2.1 RC that was earlier approved by 
>> voters.
>> As a result the RC has to be re-spun. There is not much of a difference 
>> between this and the one approved earlier apart from some additional fixes.
>>
>
> Can you be more specific? What fixes required a re-vote?
>
> Also, looking at the changes file, it lists "new features" in 4.2.1, yet this
> is a bug fix release that should not have new features.
>
>>   The current vote is to approve the current RC build for 4.2.1 maintenance 
>> release.
>> For this particular release various upgrade paths have been tested apart 
>> from regression tests and BVTs.
>> Around 175 bugs have been fixed and some new features added (see Release Notes).
>>
>> Following are the particulars for this release:
>>
>> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.2
>> commit: 6ba071b159f5da6f86ff1b48cd6c2d555d60124d
>>
>> List of changes are available in Release Notes, a summary can be accessed 
>> here:
>> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=CHANGES;hb=4.2
>>
>> Source release revision 3816 (checksums and signatures are available at the 
>> same location):
>> https://dist.apache.org/repos/dist/dev/cloudstack/4.2.1/
>>
>> PGP release keys (signed using RSA Key ID = 42443AA1):
>> https://dist.apache.org/repos/dist/release/cloudstack/KEYS
>>
>> Vote will be open for 72 hours (until 12/05 End of day PST).
>>
>> For sanity in tallying the vote, can PMC members please be sure to indicate 
>> "(binding)" with their vote?
>>
>> [ ] +1  approve
>> [ ] +0  no opinion
>> [ ] -1  disapprove (and reason why)
>>
>
